Web Hosting Use Ispconfig
Total Page:16
File Type:pdf, Size:1020Kb
CHAPTER 5 IMPLEMENTATION AND TESTING 5.1 Implementation Linux Installation 1. According to illustration 5.1 the first step is select the language to install linux. And then create a partition for the linux operating system that will be installed. The partition that will be used in the installation of linux is the swap partition and partition/. 2. According to illustration 5.2 The next step is select the location to determine the timezone in linux. And then select the keyboard layout is used. 3. According to illustration 5.3 the next step is to create a username and password to login to a linux operating system that has been installed. After that the linux installation process will start. 4. According to illustration 5.4 After the installation process is complete restart the computer that has been installed linux. After that login with username and passsword that have been created. 10 11 Illustration 5.1 Display To Select The Language To Install Linux And Create Patition. Illustration 5.2 Display To Select Timezone And Keyboard Layout. 12 Illustration 5.3 Display To Create User And Password And Installation Process Illustration 5.4 Linux Installation Is Complete. ISP Config Installation 1. Open the terminal and sign in as user root. sudo su 2. The next step was to reconfigure the dpkg and select no to use the dash as the default system shell in the bin/sh directory. 13 Illustration 5.5 Reconfigure Dpkg. 3. Disable apparmor. service apparmor stop update-rc.d -f apparmor remove And Remove Apparmor apt-get remove apparmor apparmor-utils Apparmor is a linux security system that can interfere with the installation in the isp config. Apparmor is equal to Selinux which is owned by redhat linux. 4. Installing network time protocol. apt-get -y install ntp ntpdate To set on a system clock with an NTP through internet network when running the server. 5. install e-mail server, MariaDB server, dan Rootkit Hunter. apt-get install rkhunter openssl getmail4 binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo postfix postfix-mysql postfix-doc mariadb-client mariadb-server 14 6. Configure the type of email to use and enter the system's email name. Type of email used is internet site because this type of email can be accessed through web broswer via a computer network. While the name of the email system is the hostname entered is already created when installing linux. Illustration 5.6 Display To Choose The Type Of E-mail To Be Used. Illustration 5.7 Input System Mail Name. 7. Then edit the configuration file postfix in the directory/etc/postfix/master.cf. nano /etc/postfix/master.cf 15 This configuration is used to enable the SMTP port used to send the e- mail. Uncomment on: submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes SASL itself useful for the security of the user when login using Roundcube. Then change the at-o smtpd_client_restrictions becomes -o smtpd_client_restrictions = permit_sassl_authenticated, rejects. This aim as a restriction permission to login to the account email server t hat has created and match the right username and password used to log what is appropriate or not. 8. After the configuration above, the next step is to restart the postfix to run postfix configuration. service postfix restart 9. Before installing mysql server to do is edit the mysql configuration file. nano /etc/postfix/master.cf Uncomment on : bind address = 127.0.0.1 this aim so that mysql can be accessed online viai ISP Config. 16 10. Then install the mysql server and the mysql server configuration use: mysql_secure_installation The configuration of the mysql server in the form of filling the root password that will be used to login to the mysql server, remove the anonymous user so that people who do not have a user account cannot login, root login remotely in order to disallow mysql can be accessed by way of connect to the server and run mysqlnya a command to access the database, delete the test database, and reload privilege table now. All this configuration is used in order for the existing database in mysql be safe Enter current password for root (enter for none): <-- press enter Set root password? [Y/n] y New password: <-- 12345 Re-enter new password: <-- 12345 Remove anonymous users? [Y/n] <-- y Disallow root login remotely? [Y/n] <-- y Reload privilege tables now? [Y/n] <-- y 11. Then Restart Mysql server service service mysql restart 12. The next step is installing spamasssin and clamcav with: apt-get install spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket- ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey 13. Disable spamassasin. service spamassassin stop 17 update-rc.d -f spamassassin remove Because the ISP config will call spamassasin when needed. 14. Install PHP Myadmin, apache web server, and PHP 7.0. apt-get install apache2 apache2-doc apache2-utils libapache2-mod- php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2- suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0- xmlrpc php7.0-xsl memcached php-memcache php-imagick php- gettext php7.0-zip php7.0-mbstring 15. PHP Myadmin Configuration. Configuration of choosing a web server that will be used for PHP Myadmin, and set the password mysql application in PHP Myadmin. The created password will be used to login to the Myadmin PHP page by using the root user. The web server to be used by PHP Myadmin uses apache 2. Illustration 5.8 The display For Select Webserver. 18 Illustration 5.9 Input PHP MyAdmin Password. 16. Then run the suexec rewrite ssl actions file include cgi in the Apache 2 directory. a2enmod suexec rewrite ssl actions include cgi The purpose of running this configuration is to write the certificate to be used by the ISP config as its security system. 17. After that run the configuration file also dav_fs auth_digest dav headers that are in the directory of apache2. a2enmod dav_fs dav auth_digest headers The purpose of running this Setup is so that the user can manage website files on the server. 18. Add a new configuration file with the name httproxy. conf in directory/etc/apache2/conf-available/. nano /etc/apache2/conf-available/httpoxy.conf The contents of the file are httproxy RequestHeader unset the Proxy early. RequestHeader unset Proxy early 19 Because with the httproxy.conf configuration file will overcome the attack by exploiting the deployment via HTTP Proxy that can change the url. then execute the config file httpoxy. a2enconf httpoxy 19. Restart Service Apache2. service apache2 restart 20. Edit the mimetypes file in /etc/ directory. nano /etc/mime.types And uncomment on application / x-ruby rb. #application/x-ruby This configuration is intended to allow the ISP config to grant permissions for each user logged in to the ISP config page. 21. Restart Apache2 service. service apache2 restart 22. Install PHP Opcode Cache & PHP-FPM. apt-get install php7.0-opcache php-apcu libapache2-mod-fastcgi php7.0-fpm 23. Then run the configuration file actions fastcgi alias. a2enmod actions fastcgi alias This configuratio is required to make the process of opening the website faster. 24. Restart apache2 service. service apache2 restart 25. Install let's encrypt. 20 apt-get -y install letsencrypt This software is useful to encrypt the SSL certificate that has been created and will be used for ISP config. 26. Install PureFTPd & Quota. apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool 27. Then edit the pure-ftpd-common configuration file in /etc/default/ directory. nano /etc/default/pure-ftpd-common And change virtualchroot to true. VIRTUALCHROOT=true This configuration is required for each user who will have their own directory which is like a directory / which can later be accessed by filezilla. 28. Then change the number on TLS in the / etc / pure-ftpd / conf / TLS directory to . echo 1 > /etc/pure-ftpd/conf/TLS The configuration is intended to enable TLS as an encryption which will then be used to login to the FTP user that has been created with the ISP config. 29. The next step is to create a parent directory. mkdir -p /etc/ssl/private/ To save SSL keys that will be created later. 30. Then create an SSL certificate that has a validity period of up to 7300 days. 21 openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem Open SSL itself is useful for encrypting the process of sending data from server to client or client to server. 31. Then fill in the SSL certificate by entering the country code, province name, city name, organization name, organization unit name, hostname on server, and e-mail address. Country Name (2 letter code) [AU]: <-- ID. State or Province Name (full name) [Some-State]: <-- Jawa tengah. Locality Name (eg, city) []: <-- Semarang. Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Quantum Organizational Unit Name (eg, section) []: <-- Quantum Common Name (eg, YOUR name) []: <-- fransiskus Email Address []: <-- [email protected] 32. After that change the permission on pure-ftpd.pem.